Change your master passwords: LastPass hacked

Victor Barreiro Jr.
While there is no evidence of encrypted user vault data being taken, LastPass account email addresses, password reminders, server per user salts, and authentication hashes are compromised

LASTPASS. Screen shot from LastPass Website

MANILA, Philippines – Password manager LastPass announced on their company blog on Monday, June 15 (June 16, Manila time) that it was hacked.

While the passwords you have saved on other sites should remain safe, LastPass did urge users to change their master password and enable two-factor authentication on the service.

The company’s security notice explained that in the company’s investigation, there was “no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”

It added, however, that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

The security notice further said that “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.” LastPass will also email everyone about the security incident. (READ: Personal password management with KeePass and LastPass)

Users can visit this link to update their passwords. They can also enable multifactor authentication through a number of different services via this link to increase the protection on LastPass accounts. – Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.